A recent blog post from Google breaks down how Android’s new ‘Keystore’ features keep your slice of Pie safer.
Some of this ties into Google’s Titan M security chip installed on Pixel 3 devices, but other portions of Keystore are at the OS level. In other words, some of the new Keystore features help anyone using Android 9.0 Pie.
Keystore gives app developers a set of cryptographic tools designed to secure users’ data. One of the benefits of Keystore is that it moves tools available in the Android OS into secure hardware on the device. This adds extra security, as apps can only use these cryptographic keys within the secure hardware, protecting them from various attacks.
One of the new Keystore capabilities introduced with Android Pie is Keyguard-bound keys.
Mobile applications often receive data but don’t need immediate access to it. That data must remain secure until the user needs to access it. This is where Keyguard-bound keys come in.
Applications can’t use these keys for decryption or signing when the screen is locked. However, when a user unlocks the device, Keyguard-bound keys become available for use.
While Keyguard binding operates similarly to another security tool, authentication binding, there’s an important distinction. Keyguard binding is tied directly to the screen’s lock state, whereas authentication binding has a constant timeout.
It’s also worth noting that Keyguard binding happens at the OS level, as secure hardware chips wouldn’t know when the screen is locked. However, using Keyguard binding with hardware-based authentication binding creates a safer environment for storing important cryptographic data. Further, any Android Pie device has access to Keyguard binding, as it’s an OS-level feature.
Secure key import
The other new feature allows devices to import keys securely. A key origin point, such as a remote server, data center or another cloud-based storage system, can use a public wrapping key to encrypt the keys it wants to send. This public wrapping key comes from the user’s device, and that device is the only one that can decrypt what was encrypted with it.
Further, the wrapper keeps its contents hidden during transit and from the OS, meaning only the secure hardware can see the key contained in the wrapper.
An example of an app that uses this is Google Pay, which provisions some keys on the Pixel 3 to prevent them from being intercepted.
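As an added illustration (not code from Google's post or from this article), the two Pie features described above map onto the Android Keystore API roughly as follows. The aliases `inbox_key`, `wrap_key` and `imported_key` are hypothetical, and the wrapped key bytes are assumed to have been produced by the remote origin in the format Keystore expects.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.security.keystore.WrappedKeyEntry;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PublicKey;

// Added example; aliases are hypothetical. Requires API level 28 (Android 9.0 Pie).
public final class PieKeystoreExample {
    private static final String PROVIDER = "AndroidKeyStore";

    private static PublicKey generate(KeyGenParameterSpec spec) throws Exception {
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, PROVIDER);
        kpg.initialize(spec);
        // Only the public half leaves Keystore; the private key stays inside it.
        return kpg.generateKeyPair().getPublic();
    }

    // Keyguard-bound key: decryption with the private key is refused while
    // the screen is locked and becomes available again after unlock.
    static PublicKey keyguardBoundKey() throws Exception {
        return generate(new KeyGenParameterSpec.Builder(
                "inbox_key", KeyProperties.PURPOSE_DECRYPT)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
                .setUnlockedDeviceRequired(true) // tied to lock state, not a timeout
                .build());
    }

    // Wrapping key pair: the public key is sent to the key origin (server),
    // which uses it to encrypt the key it wants to provision.
    static PublicKey wrappingKey() throws Exception {
        return generate(new KeyGenParameterSpec.Builder(
                "wrap_key", KeyProperties.PURPOSE_WRAP_KEY)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
                .build());
    }

    // Import: the app hands the still-encrypted blob to Keystore. Unwrapping
    // happens inside Keystore, so the app never holds the plaintext key.
    static void importWrappedKey(byte[] wrappedKeyFromServer) throws Exception {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null);
        KeyGenParameterSpec unwrapSpec = new KeyGenParameterSpec.Builder(
                "wrap_key", KeyProperties.PURPOSE_WRAP_KEY)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .build();
        ks.setEntry("imported_key", new WrappedKeyEntry(
                wrappedKeyFromServer, "wrap_key", "RSA/ECB/OAEPPadding", unwrapSpec), null);
    }
}
```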
Overall, these security features add several extra layers of protection to valuable information sent to and received by your phone. Google has done a lot with the Pixel 3 and the Titan M chip to improve security as well.